{"id":"https://openalex.org/W1964579175","doi":"https://doi.org/10.1145/1988630.1988633","title":"Security policy foundations in context UNITY","display_name":"Security policy foundations in context UNITY","publication_year":2011,"publication_date":"2011-05-22","ids":{"openalex":"https://openalex.org/W1964579175","doi":"https://doi.org/10.1145/1988630.1988633","mag":"1964579175"},"language":"en","primary_location":{"id":"doi:10.1145/1988630.1988633","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1988630.1988633","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 7th International Workshop on Software Engineering for Secure Systems","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5111446964","display_name":"M. T. Gamble","orcid":null},"institutions":[{"id":"https://openalex.org/I87208437","display_name":"University of Tulsa","ror":"https://ror.org/04wn28048","country_code":"US","type":"education","lineage":["https://openalex.org/I87208437"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"M. Todd Gamble","raw_affiliation_strings":["University of Tulsa, Tulsa, OK, USA","[University of Tulsa, Tulsa, OK, USA]"],"affiliations":[{"raw_affiliation_string":"University of Tulsa, Tulsa, OK, USA","institution_ids":["https://openalex.org/I87208437"]},{"raw_affiliation_string":"[University of Tulsa, Tulsa, OK, USA]","institution_ids":["https://openalex.org/I87208437"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088977884","display_name":"Rose Gamble","orcid":null},"institutions":[{"id":"https://openalex.org/I87208437","display_name":"University of Tulsa","ror":"https://ror.org/04wn28048","country_code":"US","type":"education","lineage":["https://openalex.org/I87208437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rose F. Gamble","raw_affiliation_strings":["University of Tulsa, Tulsa, OK, USA","[University of Tulsa, Tulsa, OK, USA]"],"affiliations":[{"raw_affiliation_string":"University of Tulsa, Tulsa, OK, USA","institution_ids":["https://openalex.org/I87208437"]},{"raw_affiliation_string":"[University of Tulsa, Tulsa, OK, USA]","institution_ids":["https://openalex.org/I87208437"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5078846285","display_name":"Matthew L. Hale","orcid":"https://orcid.org/0000-0002-8433-2744"},"institutions":[{"id":"https://openalex.org/I87208437","display_name":"University of Tulsa","ror":"https://ror.org/04wn28048","country_code":"US","type":"education","lineage":["https://openalex.org/I87208437"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Matthew L. Hale","raw_affiliation_strings":["University of Tulsa, Tulsa, OK, USA","[University of Tulsa, Tulsa, OK, USA]"],"affiliations":[{"raw_affiliation_string":"University of Tulsa, Tulsa, OK, USA","institution_ids":["https://openalex.org/I87208437"]},{"raw_affiliation_string":"[University of Tulsa, Tulsa, OK, USA]","institution_ids":["https://openalex.org/I87208437"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5111446964"],"corresponding_institution_ids":["https://openalex.org/I87208437"],"apc_list":null,"apc_paid":null,"fwci":1.3207,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.83383533,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"8","last_page":"14"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7604665756225586},{"id":"https://openalex.org/keywords/certification","display_name":"Certification","score":0.6990901231765747},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6855379939079285},{"id":"https://openalex.org/keywords/security-controls","display_name":"Security controls","score":0.6674362421035767},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.6587024927139282},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6189516186714172},{"id":"https://openalex.org/keywords/certified-information-systems-security-professional","display_name":"Certified Information Systems Security Professional","score":0.5677802562713623},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.5648189783096313},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.5585739016532898},{"id":"https://openalex.org/keywords/computer-security-model","display_name":"Computer security model","score":0.5420445203781128},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5272737145423889},{"id":"https://openalex.org/keywords/information-security-standards","display_name":"Information security standards","score":0.5027611255645752},{"id":"https://openalex.org/keywords/security-information-and-event-management","display_name":"Security information and event management","score":0.4991638660430908},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.4848962426185608},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.4622504413127899},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4346630573272705},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.41049087047576904},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3341848850250244},{"id":"https://openalex.org/keywords/cloud-computing-security","display_name":"Cloud computing security","score":0.27125340700149536},{"id":"https://openalex.org/keywords/network-security-policy","display_name":"Network security policy","score":0.2286471426486969},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.19098585844039917},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.0906175971031189}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7604665756225586},{"id":"https://openalex.org/C46304622","wikidata":"https://www.wikidata.org/wiki/Q374814","display_name":"Certification","level":2,"score":0.6990901231765747},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6855379939079285},{"id":"https://openalex.org/C178148461","wikidata":"https://www.wikidata.org/wiki/Q1632136","display_name":"Security controls","level":3,"score":0.6674362421035767},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.6587024927139282},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6189516186714172},{"id":"https://openalex.org/C169537543","wikidata":"https://www.wikidata.org/wiki/Q1056312","display_name":"Certified Information Systems Security Professional","level":5,"score":0.5677802562713623},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.5648189783096313},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.5585739016532898},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.5420445203781128},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5272737145423889},{"id":"https://openalex.org/C139547956","wikidata":"https://www.wikidata.org/wiki/Q6031202","display_name":"Information security standards","level":5,"score":0.5027611255645752},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.4991638660430908},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.4848962426185608},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.4622504413127899},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4346630573272705},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.41049087047576904},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3341848850250244},{"id":"https://openalex.org/C184842701","wikidata":"https://www.wikidata.org/wiki/Q370563","display_name":"Cloud computing security","level":3,"score":0.27125340700149536},{"id":"https://openalex.org/C117110713","wikidata":"https://www.wikidata.org/wiki/Q3394676","display_name":"Network security policy","level":4,"score":0.2286471426486969},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.19098585844039917},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0906175971031189},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/1988630.1988633","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1988630.1988633","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 7th International Workshop on Software Engineering for Secure Systems","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.431.5659","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.431.5659","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.seat.utulsa.edu/wp-content/uploads/2012/03/GambleICSE2011-Security-Policy-Foundations-in-Context-UNITY.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320332178","display_name":"National Institute of Standards and Technology","ror":"https://ror.org/05xpvk416"},{"id":"https://openalex.org/F4320338279","display_name":"Air Force Office of Scientific Research","ror":"https://ror.org/011e9bt93"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":14,"referenced_works":["https://openalex.org/W1494920333","https://openalex.org/W1498274091","https://openalex.org/W1857327297","https://openalex.org/W2067167367","https://openalex.org/W2098634112","https://openalex.org/W2126313201","https://openalex.org/W2148399451","https://openalex.org/W2157483822","https://openalex.org/W2161307885","https://openalex.org/W2244732256","https://openalex.org/W2405129995","https://openalex.org/W2471649366","https://openalex.org/W2620524678","https://openalex.org/W2789436059"],"related_works":["https://openalex.org/W2120086576","https://openalex.org/W4232396753","https://openalex.org/W4399308225","https://openalex.org/W2252827360","https://openalex.org/W2369652520","https://openalex.org/W2349004912","https://openalex.org/W2293554594","https://openalex.org/W2467594283","https://openalex.org/W1964579175","https://openalex.org/W2471649366"],"abstract_inverted_index":{"Security":[0],"certification":[1,19],"includes":[2],"assessing":[3],"an":[4],"information":[5],"system":[6,134],"to":[7,21,54,96,111,119,130],"verify":[8,66],"its":[9],"compliance":[10,135],"with":[11,136],"diverse,":[12],"pre-selected":[13],"security":[14,62,78,105,138],"controls.":[15,99],"The":[16,100],"goal":[17],"of":[18,44,46,61,71],"is":[20,39],"identify":[22],"where":[23,29,48],"controls":[24,106],"are":[25,31,50],"implemented":[26],"correctly":[27],"and":[28,65,75,91,107],"they":[30],"violated,":[32],"creating":[33],"potential":[34],"vulnerability":[35],"risks.":[36],"Certification":[37],"complexity":[38],"magnified":[40],"in":[41,115,127,144],"software":[42],"composed":[43],"systems":[45,47],"there":[49],"limited":[51],"formal":[52],"methodologies":[53],"express":[55],"management":[56],"policies,":[57],"given":[58],"a":[59,88,109,116,128],"set":[60],"control":[63],"properties,":[64],"them":[67],"against":[68],"the":[69,72,145],"interaction":[70],"participating":[73],"components":[74],"their":[76],"individual":[77],"policy":[79,98,113],"implementations.":[80],"In":[81],"this":[82],"paper,":[83],"we":[84],"extend":[85],"Context":[86],"UNITY,":[87],"formal,":[89],"distributed,":[90],"context":[92],"aware":[93],"coordination":[94],"language":[95,102],"support":[97],"new":[101],"features":[103,126],"enforce":[104],"provide":[108],"means":[110],"declare":[112],"specifics":[114],"manner":[117],"similar":[118],"declaring":[120],"variable":[121],"types.":[122],"We":[123],"use":[124],"these":[125],"specification":[129],"show":[131],"how":[132],"verifying":[133],"selected":[137],"controls,":[139],"such":[140],"as":[141],"those":[142],"found":[143],"NIST":[146],"SP800-53":[147],"document,":[148],"can":[149],"be":[150],"accomplished.":[151]},"counts_by_year":[{"year":2017,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2013,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}